Lucene search
K

41 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2023-41206

Malicious code in bioql PyPI...

5.3CVSS5.4AI score0.00335EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2025/09/10 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2023-37302

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in SiteLinksView.php in Wikibase in MediaWiki through 1.39.3. There is XSS via a crafted badge title attribute. This is also related to...

6.1CVSS6.4AI score0.00689EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2025/08/04 9:33 a.m.8 views

CVE-2025-53010

MaterialX is an open standard for the exchange of rich material and look-development content across applications and renderers. In version 1.39.2, when parsing shader nodes in a MTLX file, the MaterialXCore code accesses a potentially null pointer, which can lead to crashes with maliciously craft...

7.5CVSS7.2AI score0.00463EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/08/04 9:33 a.m.9 views

CVE-2025-53011

MaterialX is an open standard for the exchange of rich material and look-development content across applications and renderers. In version 1.39.2, when parsing shader nodes in a MTLX file, the MaterialXCore code accesses a potentially null pointer, which can lead to crashes with maliciously craft...

7.5CVSS7.2AI score0.00516EPSS
Exploits1References1
CVE
CVE
added 2025/08/01 6:0 p.m.28 views

CVE-2025-53012

MaterialX 1.39.2 contains a stack-exhaustion vulnerability in its import processing due to no limit on import chain depth. Nested file imports trigger recursion without depth restrictions, allowing an attacker to crash or stall a process parsing MaterialX files. The issue is fixed in MaterialX 1....

7.5CVSS6.8AI score0.00818EPSS
Exploits1References4Affected Software1
Cvelist
Cvelist
added 2025/08/01 6:0 p.m.12 views

CVE-2025-53012 MaterialX's Lack of Import Depth Limit Leads to DoS (Denial-Of-Service) Via Stack Exhaustion

MaterialX is an open standard for the exchange of rich material and look-development content across applications and renderers. In version 1.39.2, nested imports of MaterialX files can lead to a crash via stack memory exhaustion, due to the lack of a limit on the "import chain" depth. When parsin...

6.9CVSS0.00818EPSS
Exploits1References4
Cvelist
Cvelist
added 2025/08/01 5:58 p.m.12 views

CVE-2025-53010 MaterialX's unchecked nodeGraph->getOutput return is vulnerable to NULL Pointer Dereference

MaterialX is an open standard for the exchange of rich material and look-development content across applications and renderers. In version 1.39.2, when parsing shader nodes in a MTLX file, the MaterialXCore code accesses a potentially null pointer, which can lead to crashes with maliciously craft...

5.1CVSS0.00463EPSS
Exploits1References3
Snyk
Snyk
added 2025/07/31 7:37 p.m.3 views

Denial of Service (DoS)

Overview Affected versions of this package are vulnerable to Denial of Service DoS. An attacker can cause the application to crash or become unresponsive by supplying a deeply nested chain of imported files, leading to stack exhaustion during parsing. Note: This is only exploitable if the attacke...

7.5CVSS7AI score0.00818EPSS
Exploits1References2
Snyk
Snyk
added 2025/07/31 7:37 p.m.7 views

Stack-based Buffer Overflow

Overview Affected versions of this package are vulnerable to Stack-based Buffer Overflow via the XML parsing process. An attacker can cause a crash by providing a specially crafted MTLX file with deeply nested nodegraph elements, leading to stack exhaustion during recursive parsing. Remediation...

7.5CVSS7AI score0.00605EPSS
Exploits1References2
Snyk
Snyk
added 2025/07/31 6:31 p.m.1 views

NULL Pointer Dereference

Overview Affected versions of this package are vulnerable to NULL Pointer Dereference via the getShaderNodes function. An attacker can cause a crash by providing a specially crafted MTLX file that triggers a null pointer dereference during shader node parsing. Details Denial of Service DoS...

7.5CVSS7.1AI score0.00516EPSS
Exploits1References2
Snyk
Snyk
added 2025/07/31 6:31 p.m.7 views

NULL Pointer Dereference

Overview Affected versions of this package are vulnerable to NULL Pointer Dereference in the getShaderNodes function when processing shader nodes from a crafted input file. An attacker can cause the application to crash by supplying a file that triggers a null pointer dereference during output no...

7.5CVSS6.8AI score0.00463EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2025/07/31 12:0 a.m.8 views

PT-2025-31591

Name of the Vulnerable Software and Affected Versions MaterialX versions prior to 1.39.3 Description MaterialX is an open standard for the exchange of rich material and look-development content across applications and renderers. When parsing shader nodes in a MTLX file, the MaterialXCore code...

7.5CVSS6AI score0.00516EPSS
Exploits1References14
RedhatCVE
RedhatCVE
added 2025/05/23 3:33 a.m.8 views

CVE-2023-37254

An issue was discovered in the Cargo extension for MediaWiki through 1.39.3. XSS can occur in Special:CargoQuery via a crafted page item when using the default format...

6.1CVSS6AI score0.00467EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/05/23 3:28 a.m.6 views

CVE-2023-37304

An issue was discovered in the DoubleWiki extension for MediaWiki through 1.39.3. includes/DoubleWiki.php allows XSS via the column alignment feature...

5.4CVSS5.8AI score0.00497EPSS
Exploits1References1
CNNVD
CNNVD
added 2024/03/27 12:0 a.m.2 views

MediaWiki 安全漏洞

MediaWiki is a suite of free and freely available web-based Wiki engines from the MediaWiki Foundation. The product can be used to deploy internal knowledge management and content management systems. A security vulnerability exists in MediaWiki version 1.39.3 and earlier versions, which stems fro...

8.6CVSS6.7AI score0.00586EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2024/03/26 12:0 a.m.4 views

PT-2024-12205 · Mediawiki · Mediawiki Cargo Extension

Name of the Vulnerable Software and Affected Versions: MediaWiki Cargo extension versions through 1.39.3 Description: An issue was discovered in the Cargo extension for MediaWiki, where there is mishandling of backticks to smartSplit. Recommendations: For MediaWiki Cargo extension versions throug...

8.6CVSS6.9AI score0.00586EPSS
Exploits0References8
OSV
OSV
added 2024/03/06 10:59 a.m.17 views

BIT-MEDIAWIKI-2023-37304

An issue was discovered in the DoubleWiki extension for MediaWiki through 1.39.3. includes/DoubleWiki.php allows XSS via the column alignment feature...

5.4CVSS5.2AI score0.00497EPSS
Exploits1References3
OSV
OSV
added 2023/06/30 6:31 p.m.20 views

GHSA-FMRF-P77G-VV5C MediaWiki Cross-site Scripting vulnerability

An issue was discovered in SiteLinksView.php in Wikibase in MediaWiki through 1.39.3. There is XSS via a crafted badge title attribute. This is also related to lack of escaping in wbTemplate from resources/wikibase/templates.js for quotes which can be in a title attribute...

6.1CVSS5.8AI score0.00689EPSS
Exploits1References5
ATTACKERKB
ATTACKERKB
added 2023/06/30 5:15 p.m.5 views

CVE-2023-37305

An issue was discovered in the ProofreadPage aka Proofread Page extension for MediaWiki through 1.39.3. In includes/Page/PageContentHandler.php and includes/Page/PageDisplayHandler.php, hidden users can be exposed via public interfaces...

5.3CVSS6AI score0.00614EPSS
Exploits1References3
OSV
OSV
added 2023/06/30 5:15 p.m.3 views

UBUNTU-CVE-2023-37300

An issue was discovered in the CheckUserLog API in the CheckUser extension for MediaWiki through 1.39.3. There is incorrect access control for visibility of hidden users...

5.3CVSS5.8AI score0.00672EPSS
Exploits1References4
Rows per page
Query Builder